| Snap type: | Read |
|---|---|
| Description: | This Snap executes a search query and retrieves data from Splunk using the Splunk REST API. Sample output from the Snap is shown after this table. |
| Prerequisites: | [None] |
| Support and limitations: | |
| Account: | This Snap uses account references created on the Accounts page of SnapLogic Manager to handle access to this endpoint. The Snap requires a Splunk basic auth account. |
| Views: | |

Sample output:

```json
[
  {
    "_sourcetype": "mailServiceLog",
    "index": "main",
    "host": "dropbox",
    "_cd": "0:49158",
    "_serial": "0",
    "_si": "dropbox,main",
    "splunk_server": "dropbox",
    "linecount": "1",
    "_indextime": "1422929287",
    "_raw": "Thu Jan 25 2015 00:15:06 mailsv1 sshd[5276]: Failed password for invalid user appserver from 194.8.74.23 port 3351 ssh2",
    "source": "secure.log",
    "_bkt": "main~0~85A0230B-D211-4DF5-AB4A-81F2C79F1281",
    "_time": "2015-01-25T00:15:06.000+00:00",
    "sourcetype": "mailServiceLog"
  },
  {
    "_sourcetype": "mailServiceLog",
    "index": "main",
    "host": "dropbox",
    "_cd": "0:49153",
    "_serial": "1",
    "_si": "dropbox,main",
    "splunk_server": "dropbox",
    "linecount": "1",
    "_indextime": "1422929287",
    "_raw": "Thu Jan 25 2015 00:15:06 mailsv1 sshd[1039]: Failed password for root from 194.8.74.23 port 3768 ssh2",
    "source": "secure.log",
    "_bkt": "main~0~85A0230B-D211-4DF5-AB4A-81F2C79F1281",
    "_time": "2015-01-25T00:15:06.000+00:00",
    "sourcetype": "mailServiceLog"
  }
]
```

| Settings | Description |
|---|---|
| Label | Required. The name for the Snap. You can modify this to be more specific, especially if you have more than one of the same Snap in your pipeline. |
| Search query | Required. Search query to be submitted to Splunk. Example: "search * \| head 10" (searches the default index "main" and gets 10 events). Default value: [None] |
| Earliest time | Enables you to execute the Snap during the Save operation so that the output view can produce the preview data. Default value: Not selected |
| Latest time | Latest time for the search. This property is ignored if the Last property has a valid value. Example: "2015-02-20T12:00:00.000-07:00". Default value: [None] |
| Last | Time duration, as in "last 7 days". Leave this property blank if you want to use the Earliest/Latest time properties for the search. Example: 100. Default value: 7 |
| Unit | Time unit for the Last property. The available options are: Example: days. Default value: days |
| Earliest Relative | Returns search results based on the earliest time you choose, relative to the Last and Unit fields. The available options are: Default value: No Snap-to |
| Latest Relative | Returns the search results based on the latest time you choose, relative to the Last and Unit fields. The available options are: Default value: Now |
| Preset Relative Search | Returns events for the time range selected here. The available options are: If Preset Relative Search is not set to None, the Snap ignores all values entered in the Earliest time, Latest time, Last, Unit, Earliest Relative, and Latest Relative fields. |
| Snap Execution | Select one of the three modes in which the Snap executes. Available options are: |
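The settings above describe a precedence among the time-range fields (a Preset Relative Search overrides everything; otherwise a valid Last value overrides the explicit Earliest/Latest time) and the description shows the shape of the events the Snap emits. The Python below is an added example, not SnapLogic's or Splunk's code and not from this page: `build_search_job_params` applies that precedence to produce the `search`, `earliest_time` and `latest_time` parameters a Splunk REST search job takes, and `summarize_failed_logins` reads the `_raw` field of the returned events to count failed SSH logins per source address, which is what a consumer of this Snap's output would typically do with the sample data. The setting names in the `settings` dict, the mapping of Unit values to Splunk relative-time modifiers, the meaning of a snap-to choice, and the `(earliest, latest)` shape of a preset are assumptions; the two sample events are copied from the page's sample output, trimmed to the fields the code uses.

```python
import re
from collections import Counter, defaultdict

# Assumption: how the Snap's Unit values map to Splunk relative-time modifiers.
# Splunk's own syntax accepts s, m, h, d, w, mon, q and y; which of these the
# Snap offers is not stated on the page.
UNIT_MODIFIERS = {
    "seconds": "s", "minutes": "m", "hours": "h",
    "days": "d", "weeks": "w", "months": "mon",
}

# Defaults taken from the settings table (setting names are assumed).
DEFAULT_SETTINGS = {
    "search_query": "",
    "earliest_time": "",
    "latest_time": "",
    "last": 7,
    "unit": "days",
    "earliest_relative": "No Snap-to",
    "latest_relative": "Now",
    "preset_relative_search": None,   # None stands for the page's "None"
}


def _last_is_valid(value):
    """The page says Latest time is ignored when Last 'has a valid value';
    a positive integer is taken to be valid (assumption)."""
    try:
        return int(value) > 0
    except (TypeError, ValueError):
        return False


def build_search_job_params(settings):
    """Turn Snap settings into Splunk search-job parameters, honouring the
    precedence the page states: preset > Last/Unit > Earliest/Latest time."""
    cfg = {**DEFAULT_SETTINGS, **settings}
    query = cfg["search_query"].strip()
    if not query:
        raise ValueError("Search query is required")
    params = {"search": query}

    preset = cfg["preset_relative_search"]
    if preset is not None:
        # Assumption: a preset is an (earliest, latest) pair in Splunk's
        # relative-time syntax; the page lists the presets only as a dropdown.
        params["earliest_time"], params["latest_time"] = preset
        return params

    if _last_is_valid(cfg["last"]):
        modifier = UNIT_MODIFIERS[cfg["unit"]]
        earliest = f"-{int(cfg['last'])}{modifier}"
        if cfg["earliest_relative"] != "No Snap-to":
            earliest += f"@{modifier}"       # assumed meaning of a snap-to choice
        latest = "now" if cfg["latest_relative"] == "Now" else f"now@{modifier}"
        params["earliest_time"], params["latest_time"] = earliest, latest
        return params

    # Last is blank: use the explicit ISO 8601 timestamps, as in the page's example.
    if cfg["earliest_time"]:
        params["earliest_time"] = cfg["earliest_time"]
    if cfg["latest_time"]:
        params["latest_time"] = cfg["latest_time"]
    return params


# Copied from the page's sample output, trimmed to the fields used here.
SAMPLE_EVENTS = [
    {"host": "dropbox", "source": "secure.log", "_time": "2015-01-25T00:15:06.000+00:00",
     "_raw": "Thu Jan 25 2015 00:15:06 mailsv1 sshd[5276]: Failed password for "
             "invalid user appserver from 194.8.74.23 port 3351 ssh2"},
    {"host": "dropbox", "source": "secure.log", "_time": "2015-01-25T00:15:06.000+00:00",
     "_raw": "Thu Jan 25 2015 00:15:06 mailsv1 sshd[1039]: Failed password for "
             "root from 194.8.74.23 port 3768 ssh2"},
]

FAILED_PASSWORD = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def summarize_failed_logins(events):
    """Per source IP: number of failed logins, how many named a non-existent
    user, and the user names tried. Events without a matching _raw are skipped."""
    attempts, invalid, users = Counter(), Counter(), defaultdict(set)
    for event in events:
        match = FAILED_PASSWORD.search(event.get("_raw", ""))
        if not match:
            continue
        ip = match["ip"]
        attempts[ip] += 1
        if match["invalid"]:
            invalid[ip] += 1
        users[ip].add(match["user"])
    return {ip: {"attempts": attempts[ip],
                 "invalid_user_attempts": invalid[ip],
                 "users": sorted(users[ip])} for ip in attempts}


if __name__ == "__main__":
    print(build_search_job_params({"search_query": "search * | head 10"}))
    print(summarize_failed_logins(SAMPLE_EVENTS))
```

Note that the defaults do what the page describes: a caller who sets `earliest_time` and `latest_time` but leaves `last` at its default of 7 gets a "last 7 days" range and the explicit timestamps are silently ignored, so `last` must be passed as blank (`""` or `None`) for the explicit range to take effect.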